id: CVE-2018-12675 info: name: SV3C HD Camera L Series - Open Redirect author: 0x_Akoko severity: medium description: | SV3C HD Camera L Series 2.3.4.2103-S50-NTD-B20170508B and 2.3.4.2103-S50-NTD-B20170823B contains an open redirect vulnerability. It does not perform origin checks on URLs in the camera's web interface, which can be leveraged to send a user to an unexpected endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. impact: | An attacker can use this vulnerability to redirect users to malicious websites, leading to phishing attacks. remediation: | Apply the latest firmware update provided by the vendor to fix the open redirect vulnerability. reference: - https://bishopfox.com/blog/sv3c-l-series-hd-camera-advisory - https://vuldb.com/?id.125799 - https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2018-12675 - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-12675 cwe-id: CWE-601 epss-score: 0.00118 epss-percentile: 0.45948 cpe: cpe:2.3:o:sv3c:h.264_poe_ip_camera_firmware:v2.3.4.2103-s50-ntd-b20170508b:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: sv3c product: h.264_poe_ip_camera_firmware tags: cve,cve2018,redirect,sv3c,camera,iot http: - method: GET path: - '{{BaseURL}}/web/cgi-bin/hi3510/param.cgi?cmd=setmobilesnapattr&cururl=http%3A%2F%2Finteract.sh' matchers: - type: word part: body words: - '' # digest: 4a0a00473045022100fe1e9de738122538a2449b660acfbadd5b2f6e95f978b4fd052467bb4f222c1b022077728b007829328b0aa238c9635a5106d04c04ef695ec1557e91b4b5b46cb70f:922c64590222798bb761d5b6d8e72950